PureConnect

Discussion Thread View
Expand all | Collapse all

cicadmin account and security

  • 1.  cicadmin account and security

    Posted 08-26-2021 09:47
    Does anyone know whether or not interactive logon is ever required for cicadmin?
    Our security folks are looking to lockdown anything they possibly can and the cicadmin account is part of the discussion.
    We typically log into our PureConnect servers (IC servers & Media servers) using cicadmin when we're making server or IC configuration changes, but I wasn't sure if this was necessary.
    Back when we first implemented the Interactive Intelligence CIC solution (3.0 was new) we were told this was the best practice, but that's likely not the case anymore.
    I need to find out how far we can go toward locking down the cicadmin account without breaking stuff.

    Thanks!

    Brandon
    #SystemAdministration

    ------------------------------
    Brandon Weaver
    SAIC
    ------------------------------


  • 2.  RE: cicadmin account and security

    GENESYS
    Posted 08-26-2021 12:53
    Brandon,

    Once you have set IC up, most configuration changes don't require you to log into your servers at all! Sure, updates to the software, but... Even then, I believe you simply need an account with local admin rights, not necessarily ICAdmin (would need to verify that.)

    I'm not sure who told you that doing this stuff from the server was recommended, or why they said that!

    Anyway, I recommend adding your account to the Administrators Role and then running IA, Attendant etc. on your local PC (logged in as you.) Same for other people who administer the system. Once you are doing this, then AFAIK, the ICAdmin account no longer needs interactive login rights, which is one way of getting the security folks to agree to exempt it from password change policies. (Changing the ICAdmin's password is a whole ton of work you really could do without!)

    This also has the side-benefit that all Logs and audit trails will show who made the change and from where, rather than just "ICAdmin from the Server". This can help when troubleshooting.

    HTH

    ------------------------------
    Paul Simpson
    Senior Technical Instructor
    ------------------------------



  • 3.  RE: cicadmin account and security

    Posted 08-27-2021 08:13
    Edited by Brandon Weaver 08-27-2021 08:14
    Thanks Paul! Could you possibly verify the bit about needing ICAdmin for software updates?

    ------------------------------
    Brandon Weaver
    SAIC
    ------------------------------